Personal control of personal information

US 9,338,152 B2
Filed: 08/15/2012
Issued: 05/10/2016
Est. Priority Date: 08/15/2011
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to personal information about an individual, the method comprising:

receiving, from a third-party device through a computer network, a request for the personal information about the individual that includes a digital fingerprint of the third-party device;

sending a notification of the request for the personal information of the individual to the individual;

receiving authorization data that indicates whether the individual intends to grant the request for the personal information of the individual and a digital fingerprint of an authorizing device from which the authorization data is sent;

determining, based on the digital fingerprint, a total number of individuals for whom authorization data was sent from the authorizing device;

comparing the total number of individuals to a predetermined limit; and

upon a condition in which both (i) the authorization data indicates that the individual intends to grant the request for the personal information of the individual;

(ii) the digital fingerprint of the authorization data matches a digital fingerprint of at least one predetermined authorized device; and

(iii) the total number of individuals is no more than the predetermined limit, sending the personal information to the third-party device;

wherein sending the personal information to the third-party device comprises;

determining whether a copy of the personal information is cached in a local non-transitory computer readable medium; and

upon a condition in which no copy of the personal information is cached in the local non-transitory computer readable medium;

retrieving the personal information from a remotely located computer system; and

caching a copy of the personal information in the local non-transitory computer readable medium.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A personal information server provides personal information about an individual to a third-party only when authorized by the individual through use of a previously authenticated computing device. The personal information server authenticates both the computing device used by the third-party to access the personal data and the device used by the individual to grant or deny such access using highly secure digital fingerprints of each. The individual can allow the third-party multiple instances of access to the personal information within restrictions specified by the individual. Other advantages also arise from large-scale tracking of which devices access and control personal information of many people—particularly with respect to identifying and preventing fraud and identity theft.

Citations

5 Claims

1. A method for controlling access to personal information about an individual, the method comprising:
- receiving, from a third-party device through a computer network, a request for the personal information about the individual that includes a digital fingerprint of the third-party device;
  
  sending a notification of the request for the personal information of the individual to the individual;
  
  receiving authorization data that indicates whether the individual intends to grant the request for the personal information of the individual and a digital fingerprint of an authorizing device from which the authorization data is sent;
  
  determining, based on the digital fingerprint, a total number of individuals for whom authorization data was sent from the authorizing device;
  
  comparing the total number of individuals to a predetermined limit; and
  
  upon a condition in which both (i) the authorization data indicates that the individual intends to grant the request for the personal information of the individual;
  
  (ii) the digital fingerprint of the authorization data matches a digital fingerprint of at least one predetermined authorized device; and
  
  (iii) the total number of individuals is no more than the predetermined limit, sending the personal information to the third-party device;
  
  wherein sending the personal information to the third-party device comprises;
  
  determining whether a copy of the personal information is cached in a local non-transitory computer readable medium; and
  
  upon a condition in which no copy of the personal information is cached in the local non-transitory computer readable medium;
  
  retrieving the personal information from a remotely located computer system; and
  
  caching a copy of the personal information in the local non-transitory computer readable medium.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 further comprising:
    - upon a condition in which the authorization data indicates that the individual intends to deny the request for the personal information of the individual, recording data that indicates that the third-party device may be used in perpetrating fraud; and
      
      upon a condition in which the digital fingerprint of the authorization data does not match a digital fingerprint of any predetermined authorized device, recording data that indicates that the authorizing device may be used in perpetrating fraud.
  - 3. The method of claim 1 wherein authorization data specifies one or more restrictions for subsequent access to the personal information of the individual through the third-party device, the one or more restrictions selected from a group consisting essentially of:
    - one or more periods of time during which access to the personal information is granted;
      
      a maximum number of times access to the personal information will be granted;
      
      a minimum frequency of access to the personal information; and
      
      one or more types of information of the personal information; and
      
      the method further comprising;
      
      determining whether one or more subsequent requests for the personal information received from the third-party device comport with the restrictions; and
      
      upon a condition in which a subsequent request from the third-party device for the personal information comports with the restrictions, sending the personal information to the third-party device without obtaining reauthorization from the individual.

4. A computer system comprising:
- at least one processor;
  
  a non-transitory computer readable medium that is operatively coupled to the processor;
  
  network access circuitry that is operatively coupled to the processor; and
  
  personal information server logic (i) that executes in the processor from the non-transitory computer readable medium and (ii) that, when executed by the processor, causes the computer to control access to personal information about an individual by at least;
  
  receiving, from a third-party device through a computer network, a request for the personal information about the individual that includes a digital fingerprint of the third-party device;
  
  sending a notification of the request for the personal information of the individual to the individual;
  
  receiving authorization data that indicates whether the individual intends to grant the request for the personal information of the individual and a digital fingerprint of an authorizing device from which the authorization data is sent;
  
  determining, based on the digital fingerprint, a total number of individuals for whom authorization data was sent from the authorizing device;
  
  comparing the total number of individuals to a predetermined limit; and
  
  upon a condition in which both (i) the authorization data indicates that the individual intends to grant the request for the personal information of the individual;
  
  (ii) the digital fingerprint of the authorization data matches a digital fingerprint of at least one predetermined authorized device; and
  
  (iii) the total number of individuals is no more than the predetermined limit, sending the personal information to the third-party device;
  
  wherein sending the personal information to the third-party device comprises;
  
  determining whether a copy of the personal information is cached in a local non-transitory computer readable medium; and
  
  upon a condition in which no copy of the personal information is cached in the local non-transitory computer readable medium;
  
  retrieving the personal information from a remotely located computer system; and
  
  caching a copy of the personal information in the local non-transitory computer readable medium.
- View Dependent Claims (5)
- - 5. The computer system of claim 4 wherein the personal information server logic causes the computer to control access to personal information about an individual by at least also:
    - obscuring at least a portion of one or more particularly sensitive items of the personal information to produce obscured personal information;
      
      wherein the particularly sensitive items are selected from a group consisting essentially of;
      
      a social security number of the individual, identifiers of the individual, and account numbers of financial accounts held by the individual; and
      
      further wherein the sending of the personal information to the third-party device includes sending the obscured personal information to the third-party device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Uniloc 2017 LLC (FIG LLC (d/b/a Fortress Investment Group LLC))
Original Assignee
Uniloc Luxembourg S.à r.l. (f/k/a Uniloc Luxembourg S.A.) (Uniloc Corporation Pty. Limited)
Inventors
Etchegoyen, Craig S.
Primary Examiner(s)
Georgandellis, Andrew

Application Number

US13/586,057
Publication Number

US 20130055357A1
Time in Patent Office

1,364 Days
Field of Search

726/4
US Class Current

1/1
CPC Class Codes

G06F 21/34   involving the use of extern...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

Personal control of personal information

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

5 Claims

Specification

Solutions

Use Cases

Quick Links

Personal control of personal information

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

5 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links